GRIN Is committed to maintaining the security of our networks and protecting our customers’ data. The security researcher community regularly makes valuable contributions to the security of organizations and the broader internet, and GRIN recognizes that fostering a close relationship with the community will help improve our own security. GRIN accepts and acts on vulnerabilities discovered by security researchers.
GRIN has set the following boundaries for security testing. In scope is the following websites.
Out of Scope
While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:
GRIN pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as the security researcher adheres to this policy.
In order to submit a vulnerability report to GRIN’s Security Team, please utilize the OWASP Vulnerability Disclosure Cheat Sheet. GRIN has set the following criteria for vulnerability reports.
What you can expect from us:
If applicable, GRIN will coordinate public notification of a validated vulnÎerability with you.
When possible, we would prefer that our respective public disclosures be posted simultaneously.
In order to protect our customers, GRIN requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed customers if needed.